Bug 1900565
| Summary: | Further improve performance of JSON echo functionality | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Phil Sutter <psutter> |
| Component: | nftables | Assignee: | Phil Sutter <psutter> |
| Status: | CLOSED ERRATA | QA Contact: | Tomas Dolezal <todoleza> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.4 | CC: | egarver, jpeska, todoleza |
| Target Milestone: | rc | Keywords: | Triaged, Upstream |
| Target Release: | 8.4 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | nftables-0.9.3-17.el8 | Doc Type: | Enhancement |
| Doc Text: |
Feature:
Performance of 'nft --echo --json' has been improved. The required mapping from kernel response containing assigned handles to user input was slow if user input was huge, e.g. when restoring a set with many elements. Via introduction of a hash table for this purpose, the delay is avoided entirely.
Reason:
Firewalld is a user of libnftables' JSON API, maintaining blacklists in there could lead to significant startup delay depending on list size.
Result:
No slowdown in firewalld anymore.
|
Story Points: | --- |
| Clone Of: | 1835300 | Environment: | |
| Last Closed: | 2021-05-18 15:10:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1835300 | ||
| Bug Blocks: | |||
And one more follow-up to the original backport:
commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date: Mon Dec 14 16:53:29 2020 +0100
json: don't leave dangling pointers on hlist
unshare -n tests/json_echo/run-test.py
[..]
Adding chain c
free(): double free detected in tcache 2
Aborted (core dumped)
The element must be deleted from the hlist prior to freeing it.
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Signed-off-by: Florian Westphal <fw>
One more follow-up to the original backport:
commit 48917d876d51cd6ba5bff07172acef05c9e12474
Author: Florian Westphal <fw>
Date: Mon Dec 14 16:53:29 2020 +0100
json: don't leave dangling pointers on hlist
unshare -n tests/json_echo/run-test.py
[..]
Adding chain c
free(): double free detected in tcache 2
Aborted (core dumped)
The element must be deleted from the hlist prior to freeing it.
Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()")
Signed-off-by: Florian Westphal <fw>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (nftables bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:1722 |
There's a required follow-up, above improvement by itself does not work and breaks JSON echo functionality: commit 299ec575faa6b070940b483dc517ecd883b9f1a4 Author: Phil Sutter <phil> Date: Wed Dec 2 23:07:11 2020 +0100 json: Fix seqnum_to_json() functionality Introduction of json_cmd_assoc_hash missed that by the time the hash table insert happens, the struct cmd object's 'seqnum' field which is used as key is not initialized yet. This doesn't happen until nft_netlink() prepares the batch object which records the lowest seqnum. Therefore push all json_cmd_assoc objects into a temporary list until the first lookup happens. At this time, all referenced cmd objects have their seqnum set and the list entries can be moved into the hash table for fast lookups. To expose such problems in the future, make json_events_cb() emit an error message if the passed message has a handle but no assoc entry is found for its seqnum. Fixes: 389a0e1edc89a ("json: echo: Speedup seqnum_to_json()") Cc: Derek Dai <daiderek> Signed-off-by: Phil Sutter <phil>